i am here

i am here

As an AWS consultant/trainer I travel a lot for my work. When at customers locations, I occasionally want to log in into our sandbox environment. In previous postings, I have shown how we increase security by switching on and off the bastion host with a single (or double) key-press of the AWS IoT button.

In another post you can find how I setup my ssh configuration to use the bastion host without ever logging in to it and yet get access to our ec2 instances.

In this post, let me share iamhere with you. It is a little script that I use to modify the security group that protects inbound traffic to our bastion host. The bastion host has a security group attached to it that ‘whitelists’ the IP addresses of our office locations. But when on the road, that is of no use – unless I would first setup a VPN connection to our onprem infrastructure, which defeats the whole idea of using ‘The Cloud’.

So I added an extra security group to the bastion host, named ErikIsHere and the iamhere script on my laptop configures that security group to whitelist my IP address – wherever I am. With the -c option, the whitelisted ports are removed again.

It’s just a quick hack, so use it as is but feel free to adapt it for your own use! You find the script here.